Inside DCSNet, the FBI's Nationwide Eavesdropping Network

Aug. 28

The numerical scope of DCSNet surveillance is still guarded. But we do know that as telecoms have become more wiretap-friendly, the number of criminal wiretaps alone has climbed from 1,150 in 1996 to 1,839 in 2006. That's a 60 percent jump. And in 2005, 92 percent of those criminal wiretaps targeted cell phones, according to a report published last year.

These figures include both state and federal wiretaps, and do not include antiterrorism wiretaps, which dramatically expanded after 9/11. They also don't count the DCS-3000's collection of incoming and outgoing phone numbers dialed. Far more common than full-blown wiretaps, this level of surveillance requires only that investigators certify that the phone numbers are relevant to an investigation.

The Justice Department reports the number of pen registers to Congress annually, but those numbers aren't public. According to the last figures leaked to the Electronic Privacy Information Center, judges signed 4,886 pen register orders in 1998, along with 4,621 time extensions.

CALEA Switches Rules on Switches

The law that makes the FBI's surveillance network possible had its genesis in the Clinton administration. In the 1990s, the Justice Department began complaining to Congress that digital technology, cellular phones and features like call forwarding would make it difficult for investigators to continue to conduct wiretaps. Congress responded by passing the Communications Assistance for Law Enforcement Act, or CALEA, in 1994, mandating backdoors in U.S. telephone switches.

CALEA requires telecommunications companies to install only telephone-switching equipment that meets detailed wiretapping standards. Prior to CALEA, the FBI would get a court order for a wiretap and present it to a phone company, which would then create a physical tap of the phone system.

With new CALEA-compliant digital switches, the FBI now logs directly into the telecom's network. Once a court order has been sent to a carrier and the carrier turns on the wiretap, the communications data on a surveillance target streams into the FBI's computers in real time.

The Electronic Frontier Foundation requested documents on the system under the Freedom of Information Act, and successfully sued the Justice Department in October 2006.

In May, a federal judge ordered the FBI to provide relevant documents to the EFF every month until it has satisfied the FOIA request.

"So little has been known up until now about how DCS works," says EFF attorney Marcia Hofmann. "This is why it's so important for FOIA requesters to file lawsuits for information they really want."

Special Agent Anthony DiClemente, chief of the Data Acquisition and Intercept Section of the FBI's Operational Technology Division, said the DCS was originally intended in 1997 to be a temporary solution, but has grown into a full-featured CALEA-collection software suite.

"CALEA revolutionizes how law enforcement gets intercept information," DiClemente told Wired News. "Before CALEA, it was a rudimentary system that mimicked Ma Bell."

Privacy groups and security experts have protested CALEA design mandates from the start, but that didn't stop federal regulators from recently expanding the law's reach to force broadband internet service providers and some voice-over-internet companies, such as Vonage, to similarly retrofit their networks for government surveillance.

New Technologies

Meanwhile, the FBI's efforts to keep up with the current communications explosion are never-ending, according to DiClemente.

The released documents suggest that the FBI's wiretapping engineers are struggling with peer-to-peer telephony provider Skype, which offers no central location to wiretap, and with innovations like caller-ID spoofing and phone-number portability.

But DCSNet seems to have kept pace with at least some new technologies, such as cell-phone push-to-talk features and most VOIP internet telephony.

"It is fair to say we can do push-to-talk," DiClemente says. "All of the carriers are living up to their responsibilities under CALEA."

Matt Blaze, a security researcher at the University of Pennsylvania who helped assess the FBI's now-retired Carnivore internet-wiretapping application in 2000, was surprised to see that DCSNet seems equipped to handle such modern communications tools. The FBI has been complaining for years that it couldn't tap these services.

The redacted documentation left Blaze with many questions, however. In particular, he said it's unclear what role the carriers have in opening up a tap, and how that process is secured.

"The real question is the switch architecture on cell networks," said Blaze. "What's the carrier side look like?"